According to Article 3 of the Anti-Money Laundering Act (AMLA), the identification of a bank customer aims at determining their true identity. In contrast to identification, authentication is not limited to natural or legal persons.

Authentication refers to the process of checking a claim made by a person towards a legal entity or a system, e.g. a computer program. A login is a widely-known method of authentication: a user claims to be registered under a particular username. In the most straightforward scenario, the check is based on the assumption that only the real user knows a specific secret; for example, a password. This simple procedure is sometimes supplemented by objects (smartcards, SIM cards, etc.) and/or biometric data (fingerprints, facial or voice recognition, etc.).

Biometric characteristics are likely to play a significant role in identifying customers and partners in future. Using FaceNet, Google was able to identify 750,000 out of a million faces – 75%.

 Apple has now changed the rules of the game and claims to have achieved a false acceptance rate of 1:1,000,000 with its new Face ID on the iPhone X. The new rules focus on 3D and hardware.

Rather than recognizing objects in two-dimensional images, special hardware captures and compares three-dimensional facial contours using adaptive pattern recognition (pattern matching). The possibility of capturing and securely storing facial contours and other biometric characteristics using a personal device also raises interesting questions with regard to data security.

In information security, authorization refers to which access rights an authenticated user has to particular objects; for example, the ability to read and change certain files.

Complete Revision of the Federal Data Protection Act

The complete revision's draft of the Federal Data Protection Act is currently in political consultation. Data Protection is to be increased by giving people more control over their private data as well as reinforcing transparancy regarding the handling of confidential data.

Links: draft, report

Eurospider Information Technology AG
Schaffhauserstrasse 18
8006 Zürich